Ejemplo n.º 1
0
def list_to_scope(scope):
    """Convert a list of scopes to a space separated string."""
    if isinstance(scope, unicode_type) or scope is None:
        return scope
    elif isinstance(scope, list):
        return " ".join([unicode_type(s) for s in scope])
    else:
        raise ValueError("Invalid scope, must be string or list.")
Ejemplo n.º 2
0
def scope_to_list(scope):
    """Convert a space separated string to a list of scopes."""
    if isinstance(scope, list):
        return [unicode_type(s) for s in scope]
    elif scope is None:
        return None
    else:
        return scope.split(" ")
Ejemplo n.º 3
0
def scope_to_list(scope):
    """Convert a space separated string to a list of scopes."""
    if isinstance(scope, list):
        return [unicode_type(s) for s in scope]
    elif scope is None:
        return None
    else:
        return scope.split(" ")
Ejemplo n.º 4
0
def list_to_scope(scope):
    """Convert a list of scopes to a space separated string."""
    if isinstance(scope, unicode_type) or scope is None:
        return scope
    elif isinstance(scope, list):
        return " ".join([unicode_type(s) for s in scope])
    else:
        raise ValueError("Invalid scope, must be string or list.")
Ejemplo n.º 5
0
def prepare_grant_uri(uri, client_id, response_type, redirect_uri=None,
                      scope=None, state=None, **kwargs):
    """Prepare the authorization grant request URI.

    The client constructs the request URI by adding the following
    parameters to the query component of the authorization endpoint URI
    using the ``application/x-www-form-urlencoded`` format as defined by
    [`W3C.REC-html401-19991224`_]:

    :param response_type: To indicate which OAuth 2 grant/flow is required,
                          "code" and "token".
    :param client_id: The client identifier as described in `Section 2.2`_.
    :param redirect_uri: The client provided URI to redirect back to after
                         authorization as described in `Section 3.1.2`_.
    :param scope: The scope of the access request as described by
                  `Section 3.3`_.

    :param state: An opaque value used by the client to maintain
                  state between the request and callback.  The authorization
                  server includes this value when redirecting the user-agent
                  back to the client.  The parameter SHOULD be used for
                  preventing cross-site request forgery as described in
                  `Section 10.12`_.
    :param kwargs: Extra arguments to embed in the grant/authorization URL.

    An example of an authorization code grant authorization URL:

    .. code-block:: http

        GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz
            &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1
        Host: server.example.com

    .. _`W3C.REC-html401-19991224`: http://tools.ietf.org/html/rfc6749#ref-W3C.REC-html401-19991224
    .. _`Section 2.2`: http://tools.ietf.org/html/rfc6749#section-2.2
    .. _`Section 3.1.2`: http://tools.ietf.org/html/rfc6749#section-3.1.2
    .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
    .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
    """
    if not is_secure_transport(uri):
        raise InsecureTransportError()

    params = [(('response_type', response_type)),
              (('client_id', client_id))]

    if redirect_uri:
        params.append(('redirect_uri', redirect_uri))
    if scope:
        params.append(('scope', list_to_scope(scope)))
    if state:
        params.append(('state', state))

    for k in kwargs:
        if kwargs[k]:
            params.append((unicode_type(k), kwargs[k]))

    return add_params_to_uri(uri, params)
Ejemplo n.º 6
0
def prepare_token_revocation_request(url,
                                     token,
                                     token_type_hint="access_token",
                                     callback=None,
                                     body='',
                                     **kwargs):
    """Prepare a token revocation request.

    The client constructs the request by including the following parameters
    using the "application/x-www-form-urlencoded" format in the HTTP request
    entity-body:

    token   REQUIRED.  The token that the client wants to get revoked.

    token_type_hint  OPTIONAL.  A hint about the type of the token submitted
    for revocation.  Clients MAY pass this parameter in order to help the
    authorization server to optimize the token lookup.  If the server is unable
    to locate the token using the given hint, it MUST extend its search across
    all of its supported token types.  An authorization server MAY ignore this
    parameter, particularly if it is able to detect the token type
    automatically.  This specification defines two such values:

        * access_token: An access token as defined in [RFC6749],
             `Section 1.4`_

        * refresh_token: A refresh token as defined in [RFC6749],
             `Section 1.5`_

        Specific implementations, profiles, and extensions of this
        specification MAY define other values for this parameter using the
        registry defined in `Section 4.1.2`_.

    .. _`Section 1.4`: http://tools.ietf.org/html/rfc6749#section-1.4
    .. _`Section 1.5`: http://tools.ietf.org/html/rfc6749#section-1.5
    .. _`Section 4.1.2`: http://tools.ietf.org/html/rfc7009#section-4.1.2

    """
    if not is_secure_transport(url):
        raise InsecureTransportError()

    params = [('token', token)]

    if token_type_hint:
        params.append(('token_type_hint', token_type_hint))

    for k in kwargs:
        if kwargs[k]:
            params.append((unicode_type(k), kwargs[k]))

    headers = {'Content-Type': 'application/x-www-form-urlencoded'}

    if callback:
        params.append(('callback', callback))
        return add_params_to_uri(url, params), headers, body
    else:
        return url, headers, add_params_to_qs(body, params)
Ejemplo n.º 7
0
def prepare_token_revocation_request(url, token, token_type_hint="access_token",
                                     callback=None, body='', **kwargs):
    """Prepare a token revocation request.

    The client constructs the request by including the following parameters
    using the "application/x-www-form-urlencoded" format in the HTTP request
    entity-body:

    token   REQUIRED.  The token that the client wants to get revoked.

    token_type_hint  OPTIONAL.  A hint about the type of the token submitted
    for revocation.  Clients MAY pass this parameter in order to help the
    authorization server to optimize the token lookup.  If the server is unable
    to locate the token using the given hint, it MUST extend its search across
    all of its supported token types.  An authorization server MAY ignore this
    parameter, particularly if it is able to detect the token type
    automatically.  This specification defines two such values:

        * access_token: An access token as defined in [RFC6749],
             `Section 1.4`_

        * refresh_token: A refresh token as defined in [RFC6749],
             `Section 1.5`_

        Specific implementations, profiles, and extensions of this
        specification MAY define other values for this parameter using the
        registry defined in `Section 4.1.2`_.

    .. _`Section 1.4`: http://tools.ietf.org/html/rfc6749#section-1.4
    .. _`Section 1.5`: http://tools.ietf.org/html/rfc6749#section-1.5
    .. _`Section 4.1.2`: http://tools.ietf.org/html/rfc7009#section-4.1.2

    """
    if not is_secure_transport(url):
        raise InsecureTransportError()

    params = [('token', token)]

    if token_type_hint:
        params.append(('token_type_hint', token_type_hint))

    for k in kwargs:
        if kwargs[k]:
            params.append((unicode_type(k), kwargs[k]))

    headers = {'Content-Type': 'application/x-www-form-urlencoded'}

    if callback:
        params.append(('callback', callback))
        return add_params_to_uri(url, params), headers, body
    else:
        return url, headers, add_params_to_qs(body, params)
Ejemplo n.º 8
0
def prepare_token_request(grant_type, body='', **kwargs):
    """Prepare the access token request.

    The client makes a request to the token endpoint by adding the
    following parameters using the ``application/x-www-form-urlencoded``
    format in the HTTP request entity-body:

    :param grant_type: To indicate grant type being used, i.e. "password",
            "authorization_code" or "client_credentials".
    :param body: Existing request body to embed parameters in.
    :param code: If using authorization code grant, pass the previously
                 obtained authorization code as the ``code`` argument.
    :param redirect_uri: If the "redirect_uri" parameter was included in the
                         authorization request as described in
                         `Section 4.1.1`_, and their values MUST be identical.
    :param kwargs: Extra arguments to embed in the request body.

    An example of an authorization code token request body:

    .. code-block:: http

        grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
        &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

    .. _`Section 4.1.1`: http://tools.ietf.org/html/rfc6749#section-4.1.1
    """
    params = [('grant_type', grant_type)]

    if 'scope' in kwargs:
        kwargs['scope'] = list_to_scope(kwargs['scope'])

    for k in kwargs:
        if kwargs[k]:
            params.append((unicode_type(k), kwargs[k]))

    return add_params_to_qs(body, params)
Ejemplo n.º 9
0
def prepare_token_request(grant_type, body='', **kwargs):
    """Prepare the access token request.

    The client makes a request to the token endpoint by adding the
    following parameters using the ``application/x-www-form-urlencoded``
    format in the HTTP request entity-body:

    :param grant_type: To indicate grant type being used, i.e. "password",
            "authorization_code" or "client_credentials".
    :param body: Existing request body to embed parameters in.
    :param code: If using authorization code grant, pass the previously
                 obtained authorization code as the ``code`` argument.
    :param redirect_uri: If the "redirect_uri" parameter was included in the
                         authorization request as described in
                         `Section 4.1.1`_, and their values MUST be identical.
    :param kwargs: Extra arguments to embed in the request body.

    An example of an authorization code token request body:

    .. code-block:: http

        grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
        &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb

    .. _`Section 4.1.1`: http://tools.ietf.org/html/rfc6749#section-4.1.1
    """
    params = [('grant_type', grant_type)]

    if 'scope' in kwargs:
        kwargs['scope'] = list_to_scope(kwargs['scope'])

    for k in kwargs:
        if kwargs[k]:
            params.append((unicode_type(k), kwargs[k]))

    return add_params_to_qs(body, params)
Ejemplo n.º 10
0
def generate_age(issue_time):
    """Generate a age parameter for MAC authentication draft 00."""
    td = datetime.datetime.now() - issue_time
    age = (td.microseconds + (td.seconds + td.days * 24 * 3600)
           * 10 ** 6) / 10 ** 6
    return unicode_type(age)
Ejemplo n.º 11
0
def generate_age(issue_time):
    """Generate a age parameter for MAC authentication draft 00."""
    td = datetime.datetime.now() - issue_time
    age = (td.microseconds +
           (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6
    return unicode_type(age)
Ejemplo n.º 12
0
def prepare_grant_uri(uri,
                      client_id,
                      response_type,
                      redirect_uri=None,
                      scope=None,
                      state=None,
                      **kwargs):
    """Prepare the authorization grant request URI.

    The client constructs the request URI by adding the following
    parameters to the query component of the authorization endpoint URI
    using the ``application/x-www-form-urlencoded`` format as defined by
    [`W3C.REC-html401-19991224`_]:

    :param response_type: To indicate which OAuth 2 grant/flow is required,
                          "code" and "token".
    :param client_id: The client identifier as described in `Section 2.2`_.
    :param redirect_uri: The client provided URI to redirect back to after
                         authorization as described in `Section 3.1.2`_.
    :param scope: The scope of the access request as described by
                  `Section 3.3`_.

    :param state: An opaque value used by the client to maintain
                  state between the request and callback.  The authorization
                  server includes this value when redirecting the user-agent
                  back to the client.  The parameter SHOULD be used for
                  preventing cross-site request forgery as described in
                  `Section 10.12`_.
    :param kwargs: Extra arguments to embed in the grant/authorization URL.

    An example of an authorization code grant authorization URL:

    .. code-block:: http

        GET /authorize?response_type=code&client_id=s6BhdRkqt3&state=xyz
            &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1
        Host: server.example.com

    .. _`W3C.REC-html401-19991224`: http://tools.ietf.org/html/rfc6749#ref-W3C.REC-html401-19991224
    .. _`Section 2.2`: http://tools.ietf.org/html/rfc6749#section-2.2
    .. _`Section 3.1.2`: http://tools.ietf.org/html/rfc6749#section-3.1.2
    .. _`Section 3.3`: http://tools.ietf.org/html/rfc6749#section-3.3
    .. _`section 10.12`: http://tools.ietf.org/html/rfc6749#section-10.12
    """
    if not is_secure_transport(uri):
        raise InsecureTransportError()

    params = [(('response_type', response_type)), (('client_id', client_id))]

    if redirect_uri:
        params.append(('redirect_uri', redirect_uri))
    if scope:
        params.append(('scope', list_to_scope(scope)))
    if state:
        params.append(('state', state))

    for k in kwargs:
        if kwargs[k]:
            params.append((unicode_type(k), kwargs[k]))

    return add_params_to_uri(uri, params)